Malware · Apr 14, 2026

@BlinkzSec @500mk500 @JAMESWT_WT @banthisguy9349 Thanks for sharing! Indeed Tofsee ⤵️ Stage 1 C2...

Tofsee botnet command-and-control infrastructure IOCs disclosed.

Summary

Security researchers shared command-and-control (C2) infrastructure details for Tofsee, a known botnet malware. The disclosure includes a stage 1 C2 server and multiple stage 2 C2 addresses across various ports, along with a reference to additional IOCs.

Indicators of Compromise
